
Geomyidae TLS Prototype

Greetings comrades.

There was yet another discussion about TLS on gopher on this
mailinglist. All positions of all previous discussions were repeated.

How does progress in Open Source work?

It depends on one person just doing it, not discussing it.

At the moment I am moving all my Gentoo machines towards LibreSSL.
There I discovered the nice tls.h file, with a very useful and simple
API. Yes, the OpenSSL ugly API always kept me back from touching it.

There is now a beta TLS support in


You require libressl and tls.h to compile it.

For testing your clients, the beta is now running on
and, if you like tor, on

How does it work?

	if (recv(sock, &byte0, 1, MSG_PEEK) < 1)
		return 1;

	/*
	 * First byte is 0x16 == 22, which is the TLS
	 * Handshake first byte.
	 */
	if (byte0 == 0x16 && dotls) {
		istls = 1;
		if (tls_accept_socket(tlsctx, &tlsclientctx, sock) < 0)

A selector beginning with 0x16 or 22 is invalid and will be rejected by 
every non-supporting server.                                            

The strategy for clients to support TLS is:

	1.) Try to connect using TLS.
	2.) If 1.) fails, connect without TLS, if user wishes so.

Depending on the security policy, a client can show this information or
refuse to connect.

Clic (git://bitreich.org/clic) already supports TLS and gopher, for
sacc (git://bitreich.org/sacc) the author is working on it. The
bitreich commandline client hurl (git://codemadness.org/hurl) does not
yet support it, but it is easy to add, since it already knows LibreSSL.

Please everyone try it out and report bugs. I am happy to accept


Christoph Lohmann

P.S. To further unify gopherspace technology I am working on making it
as simple as some CGI script to have .Links, .cap, .abstract and .names
files abstracted in geomyidae.
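
The first-byte check quoted in the message, as a stand-alone added example that is not part of the original post or of geomyidae. The names classify_connection and demo_classify, the enum and the sample bytes are assumptions made for illustration; a socketpair stands in for a network client, and where geomyidae would call tls_accept_socket this sketch only returns CONN_TLS.

```c
#include <stdio.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

enum conn_kind { CONN_ERROR = -1, CONN_GOPHER, CONN_TLS };

/* Constructed sample inputs: start of a TLS record header, and a selector. */
static const unsigned char sample_tls[] = { 0x16, 0x03, 0x01, 0x00, 0x05 };
static const char sample_gopher[] = "/about\r\n";

/* Peek at the first byte without consuming it, so the TLS library or the
 * plain request parser that takes over still sees the stream from byte 0. */
enum conn_kind classify_connection(int sock, int dotls)
{
	unsigned char byte0;

	if (recv(sock, &byte0, 1, MSG_PEEK) < 1)
		return CONN_ERROR;	/* EOF or error before any data */
	return (byte0 == 0x16 && dotls) ? CONN_TLS : CONN_GOPHER;
}

/* Feed len bytes through a socketpair, classify the receiving end, then
 * read one byte for real into *first to show the peek left it queued. */
enum conn_kind demo_classify(const void *data, size_t len, int dotls, unsigned char *first)
{
	int sv[2];
	ssize_t sent;
	enum conn_kind kind = CONN_ERROR;

	if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0)
		return CONN_ERROR;
	sent = len ? send(sv[0], data, len, 0) : 0;
	close(sv[0]);	/* sender done; queued bytes stay readable */
	if (sent == (ssize_t)len)
		kind = classify_connection(sv[1], dotls);
	if (kind != CONN_ERROR && recv(sv[1], first, 1, 0) != 1)
		kind = CONN_ERROR;
	close(sv[1]);
	return kind;
}

int main(void)
{
	unsigned char b = 0;
	printf("tls bytes: %d\n", demo_classify(sample_tls, sizeof(sample_tls), 1, &b));
	printf("selector:  %d\n", demo_classify(sample_gopher, sizeof(sample_gopher) - 1, 1, &b));
	return 0;
}
```

With dotls set to 0 the same 0x16 byte is classified as plain gopher, which is the case where it ends up treated as an invalid selector.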
